Method of distributing a decryption key in fixed-content data

ABSTRACT

Secondary content in encrypted for distribution to client terminals by selecting at least a portion of raw encrypted audio-video data (REAVD) that is provided on a media article as an encryption key, encrypting secondary content using the encryption key, and storing encrypted secondary content at a remotely located host. The media article can then be used for providing access to the encrypted secondary content to client terminals by receiving encrypted secondary content at a client terminal, extracting a decryption key from a media article encoded with REAVD, the decryption key being determined by at least a portion of the REAVD, using the decryption key to decrypt the secondary content, and outputting the decrypted secondary content from the client terminal.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to and is a continuation of U.S. patentapplication Ser. No. 13/925,780, filed Jun. 24, 2013 (U.S. Pat. No.9,081,972, to be issued Jul. 14, 2015), which is a continuation of U.S.patent application Ser. No. 13/108,539, filed on May 16, 2011 (now U.S.Pat. No. 8,473,742, issued Jun. 25, 2013), which is a continuation ofU.S. patent application Ser. No. 12/059,361, filed on Mar. 31, 2008 (nowU.S. Pat. No. 7,945,052, issued May 17, 2011), which claims priority toU.S. Provisional Patent Application Ser. No. 60/908,738, filed Mar. 29,2007, which is hereby incorporated by reference in its entirety.

BACKGROUND

1. Field of the Invention

The present invention relates to management of digital content, and inparticular, to systems and methods for providing protected digitalcontent to authorized users.

2. Description of Related Art

Piracy is a significant concern among digital content providers. Withthe ubiquity of high speed Internet connectivity, transfers anddownloads of even high definition quality movies can easily and rapidlybe accomplished over networks. Moreover, the electronic delivery ofdigital content removes several barriers to pirating. One barrier thatis removed is any requirement for the user to purchase a tangiblearticle, such as CD and DVD disks, containing the digital content.Another barrier is the digital format of the content itself. Becausethere is no degradation in quality of copied digital content, there isno perceived disadvantage to using original versus pirated digitalcontent. Copyrighted digital content of all types is regularly piratedon a massive scale, demonstrating the failure of present technology toprevent unauthorized copying.

Digital content providers have responded to the threat of digital piracyby implementing various strategies to discourage or prevent unauthorizedaccess and copying. One such strategy is to provide incentives forconsumers to purchase original DVD disks by including value-addedcontent that is not otherwise available to the public. The problempersists, however, in that the original DVD disks themselves can bepirated. To that end, a copy protection requirement, known as thecontent scrambling system (CSS), is implemented in the DVD standards toprevent unauthorized copying of video files directly from the disc. CSSaccomplishes this by scrambling certain sectors containing audio-videodata in such a way that the data cannot be used to recreate a validsignal. The scrambled sectors are encrypted with a title key stored inthe sector header and a disc key which is hidden in the control area ofthe disc and is not directly accessible.

The CSS algorithm and keys were supposed to remain secret, but in 2000,computer hackers were able to reverse engineer the algorithm and deriveall of the keys. Still, CSS and other content-protection schemes forDVD, Blu-Ray, and other digital media often prevent the average userfrom using a computer to copy a DVD movie or other digital content, andperfect unauthorized DVD copies are rare or non-existent. Instead, manypirated copies of DVD's are generated using what is sometimes referredto as the “analog hole” to create digital copies from the analog outputof a player device. Even digital pirated copies can often be detected bysmall differences in digital data that may or may not affect the copies'playability and analog output. Absolute content protection is perhapsunrealistic, as a completely foolproof copy protection method would makeit impossible to use the disc. If you can see it or hear it, you cancopy it. There is therefore a need for digital content providers to beable to provide a more secure distribution system for digital contentthat protects the rights of content owners by further encouragingcustomers to purchase original authorized copies of content and providesgreater copyright protection for downloadable content.

SUMMARY

Various systems and methods are disclosed herein for encouraging thepurchase of authorized copies of original content by including bonussecondary content and also for providing a more secure distributionsystem for the bonus secondary content. This may be accomplished byselecting a decryption key that is determined by at least a portion ofthe raw encrypted audio-video data (“REAVD”) that is provided on anoriginal media article, such as an optical DVD disc, Blu-Ray disc,CD-ROM or a memory device. As used herein, “REAVD” may includeincidental bits that are not used directly to create audio-video outputor that are not encrypted, for example, a sector header or decryptionkey integrated with encrypted audio-video data. Conversely, as usedherein, “REAVD” excludes data that is not primarily comprised of bitsthat are used to generate an audio-video output signal when played by acompatible media player device. The REAVD may be itself encrypted usinga key that is not the decryption key. As used herein, “audio-video”refers to data or a signal for producing sounds and images recognizableby a human being as images of a real or imaginary scene, and excludesmerely random, chaotic or machine-only recognizable sounds and images.The decryption key may be extracted from different data segments on themedia article and may be used at a client terminal to decrypt encryptedsecondary content. Different data reconstruction protocols may beprovided to extract the decryption key for the same media article.

A portion or all of the REAVD that is used to determine the decryptionkey may read from a segment of the media article that cannot be copiedto a writable media article copy using a consumer CD/DVD burner or otherconsumer copying device. For example, discs manufactured according tothe DVD standard can include encoded data on a physical portion of thedisc that cannot be written to a copy made using a consumer DVD burner.A molded disc, in other words, can be made that holds more data than canbe burned onto a writable disc. Thus, the method may be configured toensure that only those who possess original authorized copies of the DVDdisc are able to decrypt the encrypted secondary content. It isunderstood that the methods and systems disclosed herein are not limitedto a particular hardware or software architecture for carrying out thesteps described herein.

In one embodiment, a method for using a media article for providingaccess to encrypted secondary content at a client terminal is provided.The method comprises receiving encrypted secondary content at a clientterminal; extracting a decryption key from a media article encoded withraw encrypted audio-video data (“REAVD”), the decryption key beingdetermined by at least a portion of the REAVD; using the decryption keyto decrypt the encrypted secondary content; and outputting the decryptedsecondary content from the client terminal.

In accordance with one aspect of the technology, the client terminal mayreceive the encrypted secondary content from a remote host, a secondmedia article, or both.

In accordance with another aspect of the technology, the decryption keymay be determined by different portions of encoded REAVD located ondifferent segments of the media article. The decryption key may also befurther determined by one or more REAVD data segments which areunwritable using a copying device, one or more data segments whichrelate to the encryption status of the media article, or both.

In accordance with yet another aspect of the technology, the decryptionkey may be determined by the entirety of the data on the media articlewith a one-to-one mapping of the encrypted secondary content and thedata on the media article, or any combination of the foregoing. Theone-to-one mapping may be, for example, an exclusive “OR” operation withthe encrypted secondary content to produce decrypted secondary content,or the addition/subtraction of the DVD REAVD data in segregated bits,bytes, or other bit groups from the digital data of the encryptedsecondary content to produce decrypted secondary content.

In accordance with a further aspect of the technology, outputting thedecrypted secondary content from the client terminal may includedownloading the secondary content on a memory associated with the clientterminal, displaying the secondary content on a display associated withthe client terminal, or both.

In another embodiment, a method for encrypting secondary content fordistribution to client terminals may be provided. The method comprisesselecting at least a portion of REAVD that is provided on a mediaarticle as an encryption key; encrypting secondary content using theencryption key; and storing encrypted secondary content at a remotelylocated host.

In accordance with one aspect of the technology, the method may furthercomprise any one or more of the following: receiving a request from aclient terminal for secondary content and delivering encrypted secondarycontent to the client terminal. The encrypted secondary content may bedecrypted by the client terminal using a decryption key determined by atleast a portion of the REAVD provided on the media article that is readby the client terminal. The decryption key may further include one ormore data segments which are unwritable using a copying device.

In accordance with another aspect, the encryption key and the decryptionkey may be identical or different.

In accordance with another aspect of the technology, an encryption keyon one or more specified disks, purchased separately with or withadditional hardware devices may permit decryption of live,time-sensitive events. It should be understood that multiple streamskeyed to multiple encryption keys may be used to permit the use of morethan one disk to decrypt the stream.

Other objects, features and advantages of the present invention willbecome apparent to those skilled in the art from the following detaileddescription.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram showing the interaction between the clientterminal and the source node, and the resulting transmission ofencrypted secondary content to the client terminal.

FIG. 2 is a schematic diagram showing the use of two media discs toprovide access to encrypted secondary content residing on one of themedia discs.

FIG. 3 is a flow chart showing the steps performed by a source node inencrypting secondary content.

FIGS. 4A-4B are block diagrams illustrating selection of a REAVDencryption key from data encoded on a media article.

FIG. 5 is a flow chart showing the steps of performed by a clientterminal in obtaining access to encrypted secondary content from thesource node.

Like numerals refer to like parts throughout the several views of thedrawings.

DETAILED DESCRIPTION

Exemplary methods and systems for selecting and distributing adecryption key used to decrypt secondary content are disclosed herein.In the detailed description that follows, like element numerals are usedto denote like elements that appear in the figures.

FIG. 1 is a schematic diagram showing a system 100 embodying anexemplary aspect of the disclosed technology. A client terminal 102plays an original or an authorized copy of a media disc, tape, device orother tangible media article 103 containing raw encrypted audio-videodata REAVD, such as, for example, a television episode or motionpicture. Media article 103 may be configured such that the REAVD encodedon it generates audio-video output, for example, the television episodeor motion picture, when the media article is played in a suitableplayer. As used herein, a “media article” refers to an individual objector electronic storage device on which digital audio-video data isstored. Client terminal 102 may comprise a general-purpose computer,specialized media player (e.g., DVD, Blu-Ray, or other player), portablemedia player, cellular telephone with broadband media capability, or anyother client that is capable of reading the media article 103 andcommunicating with a source node 106 for secondary content. Suitablemedia article 103 may comprise, for example, an imprinted DVD, HD-DVD,or Blu-Ray disc. An imprinted media article 103 may advantageouslyinclude data that cannot be written to a disk copy using a consumermedia burner, preferably because of inherent limitations of writablemedia discs. Thus, to the extent that media 103 comprises a perfect copyof an authorized released media article, it may be assumed with a highdegree of certainty that the copy is authorized and not pirated. On theother hand, to the extent that media 103 does not comprise a perfectcopy of an authorized released media article, it likely will not beuseful for decrypting secondary content.

The client terminal 102 may request additional or bonus secondarycontent 110 residing at a source node 106 over a wide area network 104.The additional secondary content 110 is different and distinct fromcontent encoded on or in the tangible media article 103. The additionalcontent 110 is not encoded on the media article 103. The source node 106may respond by sending an encrypted copy of the secondary content 112 tothe client terminal 102, where the encrypted secondary content may bedecrypted based on at least a portion of the REAVD residing on the DVDdisc. After being decrypted, an audio-video output may be provided fromthe decrypted secondary content, using an output device of the clientterminal 102, such as display screen 105. In the alternative, terminal102 may store the decrypted secondary content for future use, ortransmit the decrypted secondary content to another device.

In accordance with this embodiment, for example, a user may purchase aDVD disc containing selected episodes of a television series. The REAVDcontained in the DVD disc for the television episodes may be used toprovide the decryption key for secondary content which may be, forexample, a new episode of the current season that is being broadcast andnot yet available on any DVD or other media disc. The user may insertthe DVD disc into a client terminal to play it. One of the user optionsprovided during play of the DVD disc may include an option to view ordownload additional content from an online source. By selecting such anoption, the user may cause the client computer to download or stream theencrypted new episode, the secondary content, from the source nodethrough the Internet. Since the new episode would be encrypted againstthe decryption key on the DVD disc for season one, only those who havean authorized or perfect copy of that DVD disc would be able to decryptand view the new episode.

FIG. 2 is a schematic diagram showing another embodiment of the system200. In accordance with this embodiment, two or more media discs orother media articles 202, 204 may be used to provide access to encryptedbonus content 206 residing on or more of the media discs. The decryptionkey for the encrypted bonus content would be determined based on theREAVD on two or more media discs, and this decryption key may be used toprovide the user access to otherwise hidden or inaccessible secondary orbonus content either from one of the media discs or alternatively, froma remotely located source node.

FIG. 3 is a flow chart 300 showing exemplary steps that may be performedby a source node in encrypting secondary content for subsequentdistribution to authorized client terminals. A media disc, such as a DVDor Blu-Ray disc, may contain REAVD as well as various keys hidden inareas of the disc which are not writable using a consumer media-writingdevice, for example, a DVD ROM drive or other media writing device. Suchareas may include the sector header, the control area of the disc in thelead-in, which cannot be copied using a consumer copying device.Preferably, the media disc is in a “write once, read many format” thatcannot readily be erased and rewritten.

One of the first steps may be to select or otherwise define at least aportion of the REAVD encoded on or in the digital media article as anencryption key 302 for secondary content to be released to holders ofauthorized copies of the media article. The selected REAVD may includesvarious keys relating to the encryption status of the disc and to alsoto those hidden in the uncopyable areas of the disc. The selected REAVDmay include all of the REAVD encoded on the media article, or somesubstantial portion of it that is not readily copied. Thus, even ifsomeone duplicated the disc, any change in the encryption status of theunderlying disc (e.g., a decrypted copy or analog-to-digital copy) wouldchange the value of the encoded data such that it would becomeimpossible to recover the REAVD used as an encryption key, therebypreventing the proper decryption key from being extracted from thetangible media article. Even a raw data copy of the DVD disc shouldstill be unusable as a decryption key, so long as portions of the datamaking up the selected REAVD encryption key reside on a portion of adisc cannot be copied by the relevent consumer DVD/CD, Blu-Ray, or othermedia burners.

The REAVD encryption key may be defined or selected so as to berelatively massive relative to the secondary content to beencrypted/decrypted using the key. “Relatively massive” as used hereinmeans at least 1000 times larger than conventional 128 bit or 256 bitkeys (i.e., no less than 128,000 bits). More preferably, however, theREAVD encryption key is of a relatively massive size (i.e., number ofbits) comparable to the number of bits in the secondary content to beencrypted using the REAVD key. For example, if the secondary content isexactly 300 megabytes (2.4×109 bits) in size, the selected REAVD key mayalso be 300 megabytes in size, depending on the selectedencryption/decryption method. Certain one-to-one reversible transforms,for example, an exclusive “OR” operation, are readily used with an keythat is exactly the same size as the encrypted secondary data. Othertransforms may easily be adopted that operate with other than a 1:1mapping, such as a 2:1 transform, 1:2 transform, or any other transformrequiring a relatively massive key. The present technology is notlimited to a particular transform ratio or transform method.

FIG. 4A is a block diagram illustrating an algorithm for selection of aREAVD encryption key from a playable media article such as a molded DVDor Blu-Ray disc used to generate audio-video output. The area inside therectangle 210 represents all of the data encoded on the disc, forexample, 600 megabytes of encrypted audio-video data. Area 212represents data encoded on a sector of the media article that cannot becopied to a writable media disc. Presuming, for the sake of example,that the media article is scanned (read) vertically from left to right,dotted line 214 represents a scan line just after 300 megabytes havebeen read, starting with the first bit of the uncopyable sector 212.FIG. 4A therefore represents selecting the first “X” bits encoded on themedia article to be the REAVD key, where “X” is the number of key bitsneeded, whether that be equal to the number of bits of secondary contentto be encrypted or some other ratio.

FIG. 4B is a block diagram illustrating an alternative algorithm forselection of a REAVD encryption key from a playable media article. Here,the REAVD may be selected to include, for example, all or a portion ofthe data in sector 212 and selected blocks of data 216 a, 216 b, 216 calternating with and spaced apart by unselected blocks of data 218 a,218 b and 218 c. Block 220 represents a residual unselected portion. Anynon-zero number of selected or unselected blocks may be used, in anypattern, including overlapping patterns; FIG. 4A illustrates the simplecase of one (1) block while FIG. 48 illustrates multiple blocks. In anoverlapping pattern of selected blocks, an “overlapping” portion of thedata 210 encoded on the media article is duplicated at a one or moredifferent locations of the REAVD key. In a non-overlapping pattern, noneof the data 210 appears more than once in the REAVD key. The multipleblocks may be spaced apart by any non-zero number of bits and maycomprise any non-zero number of bits. Using various different selectionalgorithms, it should be possible to generate a virtually unlimitednumber of different REAVD encryption keys from any typical large mediaarticle, such as a DVD disc or Blu-Ray disc. In addition, by using anoverlapping REAVD selection algorithm, it is possible to generate aREAVD encryption key that is any desired degree greater in size than theentire original REAVD data on a given media disk.

The scheme or method of selecting the REAVD key from data encoded on themedia article for encrypting at the source, whatever it is, must beprovided or known to client devices that have access to an authorizedcopy of the media article and wish to decrypt secondary content.Therefore, the source device should make a record of the scheme used,herein referred to as a “REAVD key recognition algorithm”. The REAVD keyrecognition algorithm may be varied depending on the release or versionof the authorized media article, with time, geographic location, or anyother parameter that may be applicable to a plurality of clients ormedia articles. In the alternative, the REAVD key recognition algorithmmay be constant. However, use of a variable REAVD key recognitionalgorithm may provide greater security. In embodiments where a variableREAVD key recognition algorithm is used, it may be provided to clientswhen the client seeks to access secondary encrypted content, or at anyappropriate prior time. In the alternative, or in addition, the REAVDkey recognition algorithm used with a particular release of a mediaarticle, or any portion of it, may be predetermined and encoded on themedia article itself.

Referring again to FIG. 3, once the REAVD encryption key is selected, itmay be stored as an encryption/decryption key for the secondary contentfor use by the source node. In the alternative, it may be used “on thefly” to encrypt the secondary content and then discarded, provided thatthe REAVD key recognition algorithm is saved in association with aunique identifier for the media articles containing original REAVD datato which the REAVD key recognition algorithm pertains.

The secondary content may be encrypted using the encryption key 304 andstored at a host server 306 for distribution to authorized clientterminals. Various suitable two-way encryption algorithms may beemployed at the source using the REAVD encryption key. Performing anexclusive “OR” operation on the data to be encrypted and a REAVD key ofequal length is one computational simple example of a reversibleencryption transform algorithm, having the advantage of being very fastand assuredly reversible. A myriad of other transforms that exploit andrequire the use of a relatively massive binary key may also be used. Forexample, bits from the REAVD key may be inserted at defined intervals(e.g., every other bit, every third bit, etc.) in the secondary contentto be encrypted. For further example, the REAVD key or defined portionsof it may be added, subtracted, multiplied, divided, raised to a powerof, or otherwise used in a reversible transform on the secondary data tobe encrypted. Any combination of different transform operations may beused in a given algorithm. As a massive key, the REAVD encryption keymay be best suited for symmetric or reversible encryption methods. Thatis, the same key may be used to both encrypt and decrypt the targetdata. Hence, the massive REAVD encryption key may be variously referredto herein as an encryption key, encryption/decryption key, or decryptionkey. Likewise the symmetric encryption algorithm may be variouslyreferred to herein as an encryption algorithm, encryption/decryptionalgorithm, or decryption algorithm.

In the alternative to symmetric encryption, to the extent that anyasymmetric encryption and decryption method is known that can makeefficient use of a massive decryption key constituted of predeterminedREAVD, such a method may be used to encrypt the secondary content. Insuch case, the massive REAVD key encoded on the media article shouldconstitute the decryption key of the asymmetric keyset. However, thepredetermined, essentially arbitrary nature of the REAVD encoded on themedia article, which by definition must include encrypted audio-videodata, may prevent or limit its usefulness as a decryption key of anasymmetric keyset. Known asymmetric encryption methods generate aspecific public decryption key in a determinate fashion from a knownprivate key. Such a determinate decryption key will not qualify as REAVDno matter what its size, because it cannot, using known technology, beitself decrypted and used to generate audio-video output.

Different encryption transform algorithms may be used for differentREAVD data, or in the alternative, an unvarying encryption transformalgorithm may be used for all REAVD data encoded on different releasesof media articles. The use of different encryption transform algorithmsmay provide additional security for the encrypted data. The particularencryption algorithm used for a particular release of a media articlemay be stored by the source server for later use by a client. In thealternative or in addition, all or a portion of the encryption algorithmmay be predetermined and encoded on the media article itself.

At any time before or after the secondary content is encrypted and/orstored at the source terminal, the media articles encoded with the REAVDused to encrypt the secondary content may be distributed to end users308. This may be accomplished using any suitable wholesale/retaildistribution method. Such media articles may be promoted as containingkeys needed to unlock specified secondary content. Consumers thatpurchase or otherwise receive the media articles will tend to play themedia articles to view the primary content encoded in the REAVD thereon.The primary content may include a program for communicating with asource terminal for the secondary content. In the alternative, or inaddition, the media article may be read by a general purpose computerclient having a separate program for communicating with a sourceterminal for the secondary content. Thus, the source terminal mayreceive requests 310 from one or more clients requesting access toencrypted secondary content associated the various media articlescontaining a REAVD encryption key.

As discussed in reference to FIG. 1, only client terminals with accessto the original or authorized copies of the DVD disc or other mediaarticle containing the REAVD decryption key are capable of decryptingthe encrypted secondary content. Thus, once a client terminal is playingthe original or authorized copies of the DVD disc or other mediaarticle, it may also request additional secondary content from the hostserver. In response to receipt of the request by the source server 310,the encrypted secondary content may be delivered to the client terminal312. In the alternative, or in addition, the source terminal maydetermine a REAVD key recognition algorithm associated with the mediaarticle at the client terminal, and transmit the REAVD key recognitionalgorithm to the client in response to the request. This may not benecessary if, in the alternative, the REAVD key recognition algorithm isencoded on the media article or predetermined and known to the clientterminal by an earlier communication, such as in a media player update.Likewise, the source terminal may determine an encryption algorithmassociated with the media article at the client terminal, and transmitthe encryption algorithm to the client in response to the request.Again, this may not be necessary if, in the alternative, the encryptionalgorithm is encoded on the media article or predetermined and known tothe client terminal by an earlier communication. Of course, instead oftransmitting the encryption algorithm or the REAVD key recognitionalgorithm to the requesting client, access may be provided in anothersuitable way in response to the request, such as, for example, informingthe client how to otherwise obtain the requested information orproviding a decryption key for it.

It may not be necessary to transmit the encrypted secondary content fromthe source terminal to the client. Secondary content may be providedfrom any other location, including from another portion of the mediaarticle, a related media article, or from another server. To provideaccess to such otherwise located secondary content, the source servermay, in response to the client request for access, provide one or bothof the REAVD key recognition algorithm or the encryption algorithm, asdiscussed above. In cooperation with the source terminal, a clientterminal having access to the media article with the necessary REAVD keyaccesses the encrypted secondary content and outputs an audio-visualpresentation of the secondary content. FIG. 5 shows exemplary steps of amethod 400 performed by a client terminal in obtaining access toencrypted secondary content from the source node. First, the userobtains an original or an authorized copy of a DVD or other mediaarticle encoded with REAVD, with the decryption key being determined byat least a portion of the REAVD 402. For example, the user may see theDVD promoted on an on-line store as “providing exclusive access to”additional content of interest, and therefore purchases the DVD. Theuser places the DVD or other media article in a suitable clientterminal, for example, a media center computer or network-enabledplaying device. The client terminal then plays the DVD/media article 404to view the primary content encoded thereon.

The primary content may include a menu providing the user with an optionto obtain the exclusive additional content. In the alternative, thismenu option is provided by a separate application operating on theclient terminal and configured to operate in response to insertion onthe media article in a player device or port of the client terminal. Inresponse to user selection of such a menu option, or automatically atany designated point during play of the primary program, the clientterminal may request and receive access to additional secondary contentfrom a source node 406. This access may be provided in the various waysdescribed above, including but not limited to various combinations ofdownloading the encrypted secondary content, obtaining a REAVD keyrecognition algorithm applicable to the media article accessed by theclient terminal, or obtaining the correct encryption/decryptionalgorithm for the secondary content. Using the REAVD key recognitionalgorithm, the client terminal may extract the massive REAVD decryptionkey from the DVD/media article 408. The REAVD key recognition algorithmmay require accessing data on a portion of the media article that is notnormally accessed by the client terminal to play the primary content orto copy the data on the media article to a different media article. Assuch, unless the client terminal is equipped with specially-designedpirating software and hardware, it should be unable to copy the entireREAVD encryption/decryption key to a different media article.

After the REAVD decryption key is extracted, or concurrently as it isextracted, the client terminal may use the REAVD decryption key todecrypt secondary content 410 provided by the source node or from anyother source, including but not limited another media playing device incommunication with the client terminal. The secondary content may bedecrypted in a continuous process synchronous with the output of theresulting audio-video signal, in an asynchronous batch process, or insome combination of the foregoing, depending on the application. Formost content, a continuous synchronous process that does not requirestorage of the resulting decrypted content may be more secure and moreefficiently use client system resources. The client terminal may thenplay the decrypted secondary content 412 to produce an audio-videooutput for the user. Method 400 may be repeated to access any additionalsecondary content for which a particular media article, via its encodedREAVD, provides exclusive access. Such additional content may readily becreated and made available at any time after the REAVD is defined.

Thus, it is possible, for example, to use a particular media article,such as a DVD disc of the first episodes of a television series, as akey for unlocking any number of subsequent episodes, or for that matter,an entire library of encrypted information. It is not necessary that thesecondary content be related to the primary content encoded in the REAVDmedia article. It may be desirable, for some applications, for thesecondary content to be unrelated. For example, a DVD disk containing“Lectures On The Theory Of Relativity” might be utilized as a key foraccessing adults-only entertainment content, whether on-line or encodedon other media articles, effectively preventing inadvertent access tothe adults-only content by underage viewers.

It should be understood that while this invention is valuable in varioussettings, one particular application is to permit decryption of live,time-sensitive events. Thus, for example, the WWF might make a livebroadcast of a wrestling match where the match can only be decrypted bysomebody who has purchased one or more specific disks. It is understoodthat multiple streams keyed to multiple encryption keys may be used topermit the use of more the one disk to decrypt the stream.

While it is possible that only a very small portion of the disk needs tobe used as a decryption key, one preferred implementation is to utilizethe entirety of the disk as the decryption key, with a one to onemapping of encrypted data to the data on the disk. Thus, for example, ifthe entirety of the disk consisted of a stream of bits that were allalternating 0's and 1's (i.e. 0-1-0-1-0-1, etc.), the encrypted datastream would be subject to an “exclusive or” operation or the additionof the DVD bit in a base-2 math mechanism. So if the DVD was 0-1-0-1-0-1and the streamed content were 0-0-0-1-1-1, the encrypted stream mightlook like 0-1-0-0-1-0. Such operation would be carried out over a largeenough portion of the disk (preferably all of it) as to require aperfect, exact, uncompressed copy of the entire disk in order to decryptthe stream.

Another application of this invention is to permit legal content ownerswhose disk has become damaged to download or stream a copy of thecontent at will. In this mechanism, multiple streams are available whichare each keyed to data sets residing on differing portions of thephysical disk media. If one portion of the media is damaged, the userwould seek out a stream that is encrypted against the undamaged portionof the media.

Another application would be to permit people who own more than one diskfrom a specified series, source, or even unrelated sources to createcontent that is more than the sum of the parts. For example, a user whopurchases both season 1 of “Patents” and season 2 of “Patents” would beable to put one disk in from season 1, have software read a portion ofthe data, or the decryption key for the data. The user then puts in adisk from season 2 and the software combines the portion from the firstdisk, or utilizes the decryption key from the first disk, to extractotherwise hidden or inaccessible content. The content might consist ofsomething like a behind the scenes documentary of the making of“Patents.”

In view of the foregoing, various advantages of and applications for thepresent technology should be apparent. The nature of the technologyprovides various advantages, some of which may be summarized as follows:(1) The relatively massive size of the REAVD decryption key, which maybe hundreds megabytes or as large as a digital data required for afull-length motion picture, may make widespread distribution of anillegally copied key much more cumbersome than traditional decryptionkeys. (2) The use of REAVD that functions for providing a primaryprogram also as an encryption key for secondary content is an efficientuse of media and can be used to promote sales of the media articles forthe primary program. (3) The use of a secret REAVD key recognitionalgorithm, which can readily be changed without any need to change theREAVD on the media article, provides additional security andflexibility. (4) The use of a secret encryption/decryption algorithm,which can also be readily changed without requiring changes to the REAVDor the REAVD key recognition algorithm, provides yet another layer ofadditional security and flexibility. (5) Storage of a portion of theREAVD decryption key on a portion of a media article that ismanufactured to not be readily copied to a writable media article copyfurther enhances security of the key.

The foregoing detailed description and specific examples, whileindicating a preferred embodiment of the novel technology disclosedherein, are given by way of illustration and not limitation. Manychanges and modifications within the scope of the present invention maybe made without departing from the spirit thereof, and the inventionincludes all such modifications. For example, while the use of DVD discsas media articles has been referred to, it should be appreciated thatother data storage formats may be equally suitable for use with thepresent technology.

What is claimed is:
 1. A method comprising: sending encrypted content toa client terminal, wherein the encrypted content comprises at least onelive audio-video data stream; keying the encrypted content to adecryption key, wherein the decryption key is configured to be encodedon and extracted from a media article distinct from the encryptedcontent; and wherein the client terminal is configured to read thedecryption key from the media article and decrypt the encrypted contentsent according to a defined algorithm using the decryption key.
 2. Themethod of claim 1, wherein the encrypted content comprises multiple liveaudio-video streams keyed to multiple encryption keys.
 3. The method ofclaim 2, wherein each of the multiple encryption keys are configured tobe encoded on separate media articles.
 4. The method of claim 2, whereinthe multiple encryption keys are configured to be encoded on differingsegments of the same media article.
 5. The method of claim 1, whereinthe decryption key is configured to comprise only a small portion of themedia article.
 6. An system comprising: a processor operably coupled toa media reader, the processor configured to: receive encrypted contentcomprising live audio-video data; extract a decryption key from a mediaarticle distinct from the encrypted content; and decrypt, according to adefined decryption algorithm, the encrypted content using the decryptionkey.
 7. The system of claim 6, wherein the encrypted content comprisesmultiple live audio-video streams keyed to multiple encryption keys. 8.The system of claim 7, wherein each of the multiple encryption keys areencoded on separate media articles.
 9. The method of claim 7, whereinthe multiple encryption keys are encoded on differing segments of thesame media article
 10. The apparatus of claim 6, wherein the encryptedcontent is received from a remote host.
 11. A method comprising: sendingencrypted content to a client terminal, wherein the encrypted contentcomprises multiple live audio-video data streams; keying the encryptedcontent to multiple decryption keys, wherein each of the decryption keysare configured to be encoded on and extracted from differing segments ofa media article, and wherein the client terminal is configured todecrypt, according to a defined algorithm, at least a portion of theencrypted content based on one or more of the decryption keys.
 12. Themethod of claim 11, wherein the encrypted content is further configuredto be downloaded by the client terminal and viewed at a time after thelive audio-video streams are sent.